fix: ensure PDS_INTERNAL_URL is propagated and documented for Railway

[aspiers]

Problem

After #13 (handle selection), the auth service crashes at startup if PDS_INTERNAL_URL is not set — it was changed from an optional fallback to a hard requirement. The setup script generates this variable in the top-level .env but:

1. Didn't propagate it to per-package .env files (which are what you paste into Railway)
2. The .env.example had it commented out, so inject_shared_vars skipped it
3. The value it sets (http://core:3000) is Docker-specific and wrong for Railway

This caused a crash in Railway staging.

Changes

• scripts/setup.sh: Add PDS_INTERNAL_URL to the inject_shared_vars list; add Railway warning to print_next_steps about changing the Docker value
• packages/auth-service/.env.example: Uncomment PDS_INTERNAL_URL and mark as required
• docs/deployment.md: Expand Railway section with specific steps to find and set the correct internal URL
• docs/configuration.md: Mark PDS_INTERNAL_URL as required, add local dev value

Summary by CodeRabbit

• Documentation

  • Clarified PDS_INTERNAL_URL as required, added Railway-based deployment steps, examples, and local-dev guidance; notes that auth service will fail to start if unset.

• Configuration

  • Updated env examples to require PDS_INTERNAL_URL and include local/docker URL guidance.
  • Setup scripts now propagate PDS_INTERNAL_URL to package env files and provide Railway-specific next steps.

• Bug Fixes

  • Added early validation to surface missing internal envs with a descriptive startup error.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
epds-demo	Ready	Preview, Comment	Mar 14, 2026 7:52pm

[coderabbitai]

📝 Walkthrough

Walkthrough

PDS_INTERNAL_URL is now treated as a required internal config: docs, .env examples, setup scripts, and auth-service runtime code were updated. A new helper enforces presence of PDS_INTERNAL_URL and EPDS_INTERNAL_SECRET at auth-service startup, and setup/deployment guidance (including Railway commands) was added.

Changes

Cohort / File(s)	Summary
Documentation & Deployment docs/configuration.md, docs/deployment.md	Marked PDS_INTERNAL_URL as required with startup-crash warning; added Railway-specific instructions to derive and set the pds-core private domain and example Railway CLI commands.
Auth service env example packages/auth-service/.env.example	Made PDS_INTERNAL_URL an active required entry (adds local-dev and Docker examples, replaces commented example with http://core:3000).
Setup script scripts/setup.sh	Propagate PDS_INTERNAL_URL in inject_shared_vars; updated print_next_steps to instruct replacing Docker value with Railway internal URL and warn about auth-service requiring a correct PDS_INTERNAL_URL.
Auth service runtime packages/auth-service/src/lib/require-internal-env.ts, packages/auth-service/src/routes/choose-handle.ts, packages/auth-service/src/routes/complete.ts	Added requireInternalEnv() that enforces PDS_INTERNAL_URL and EPDS_INTERNAL_SECRET; replaced direct env reads in routes with the centralized call returning { pdsUrl, internalSecret }.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

• fix: distinguish first-time sign-up from returning login in OTP emails #5 — changes touching packages/auth-service/src/routes/complete.ts and related auth-service logic; likely overlaps in route-level updates.
• docs: document PDS invite codes setup #4 — modifies scripts/setup.sh inject_shared_vars; related changes to propagated environment variables.
• fix: retrieve login_hint from stored PAR request when not on redirect URL #6 — coordinated updates requiring PDS_INTERNAL_URL across docs, .env, and startup scripts; strongly related.

Poem

🐇 I hopped through docs and envs at night,
Found a URL that needed light.
Now required, clear, and set with care,
Auth and Core breathe easier air. ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 40.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately captures the main objective: ensuring PDS_INTERNAL_URL is properly propagated to per-package .env files and documented for Railway deployment, which directly addresses the crash issue described in the PR objectives.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/pds-internal-url-setup

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

docs/configuration.md (1)

70-70: Optional: unify Railway placeholder naming across docs.

Line 70 uses http://<service>.railway.internal:3000, while other updated docs use <pds-core-service> / <private-domain>. Using one placeholder style will reduce copy/paste mistakes.

Proposed doc tweak

-| `PDS_INTERNAL_URL`    | **Required.** Internal URL for auth→PDS calls. Docker: `http://core:3000`; Railway: `http://<service>.railway.internal:3000`; local dev: `http://localhost:3000`. Auth service crashes at startup if unset. |
+| `PDS_INTERNAL_URL`    | **Required.** Internal URL for auth→PDS calls. Docker: `http://core:3000`; Railway: `http://<private-domain>:3000`; local dev: `http://localhost:3000`. Auth service crashes at startup if unset. |

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/configuration.md` at line 70, The docs inconsistency: the
PDS_INTERNAL_URL example uses `http://<service>.railway.internal:3000` while
other docs use `<pds-core-service>` / `<private-domain>`; update the example for
the PDS_INTERNAL_URL entry to use the unified placeholder style
(`<pds-core-service>` or `<private-domain>`) so all Railway placeholders match
other docs and reduce copy/paste errors; locate the `PDS_INTERNAL_URL` table row
in configuration.md and replace the Railway placeholder accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/deployment.md`:
- Around line 134-135: The sentence incorrectly states that "without a correct
PDS_INTERNAL_URL, the auth service will crash at startup"; change the wording to
clarify that the specific startup error "PDS_INTERNAL_URL and
EPDS_INTERNAL_SECRET must be set" is raised only when the environment variables
PDS_INTERNAL_URL and EPDS_INTERNAL_SECRET are missing/unset, whereas an
incorrect but non-empty PDS_INTERNAL_URL will typically not cause a startup
crash and will surface failures later at request/runtime; update the text to
mention both cases and include the exact error string "PDS_INTERNAL_URL and
EPDS_INTERNAL_SECRET must be set" to make the distinction clear.

---

Nitpick comments:
In `@docs/configuration.md`:
- Line 70: The docs inconsistency: the PDS_INTERNAL_URL example uses
`http://<service>.railway.internal:3000` while other docs use
`<pds-core-service>` / `<private-domain>`; update the example for the
PDS_INTERNAL_URL entry to use the unified placeholder style
(`<pds-core-service>` or `<private-domain>`) so all Railway placeholders match
other docs and reduce copy/paste errors; locate the `PDS_INTERNAL_URL` table row
in configuration.md and replace the Railway placeholder accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b9db89ce-f964-412b-b10c-dd3ac9d8e06b

📥 Commits

Reviewing files that changed from the base of the PR and between 3b76655 and 521e070.

📒 Files selected for processing (4)

• docs/configuration.md
• docs/deployment.md
• packages/auth-service/.env.example
• scripts/setup.sh

[coveralls-official]

Pull Request Test Coverage Report for Build 23095139064

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

• For more information on this, see Tracking coverage changes with pull request builds.
• To avoid this issue with future PRs, see these Recommended CI Configurations.
• For a quick fix, rebase this PR at GitHub. Your next report should be accurate.

Details

• 0 of 8 (0.0%) changed or added relevant lines in 3 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 27.05%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
packages/auth-service/src/routes/choose-handle.ts	0	1	0.0%
packages/auth-service/src/routes/complete.ts	0	1	0.0%
packages/auth-service/src/lib/require-internal-env.ts	0	6	0.0%

Totals
Change from base Build 23094915933:	0.0%
Covered Lines:	464
Relevant Lines:	1571

---

💛 - Coveralls

[coderabbitai]

🧹 Nitpick comments (1)

packages/auth-service/src/lib/require-internal-env.ts (1)

8-21: Incomplete migration: other files still read env vars directly.

Per the relevant code snippets, several files still read PDS_INTERNAL_URL and EPDS_INTERNAL_SECRET directly from process.env with fallbacks instead of using this helper:

• account-settings.ts (lines 50-51)
• auto-provision.ts (line 18)
• better-auth.ts (lines 167-170)
• login-page.ts (lines 130-132)

These will silently fall back to empty strings or alternative URLs rather than failing fast at startup. Consider migrating these call sites in a follow-up PR to ensure consistent behavior.

Would you like me to open a new issue to track migrating the remaining direct env reads to use requireInternalEnv()?

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/auth-service/src/lib/require-internal-env.ts` around lines 8 - 21,
Update the call sites that read PDS_INTERNAL_URL and EPDS_INTERNAL_SECRET
directly to use the requireInternalEnv() helper: import requireInternalEnv and
replace direct uses of process.env.PDS_INTERNAL_URL /
process.env.EPDS_INTERNAL_SECRET (and any fallbacks to '' or alternate URLs)
with the returned { pdsUrl, internalSecret } values so the app fails fast on
missing vars; specifically change the usages in account-settings.ts,
auto-provision.ts, better-auth.ts, and login-page.ts to call
requireInternalEnv(), remove local fallbacks, and adjust references to use
pdsUrl/internalSecret, and run tests/build to ensure imports/paths are correct.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@packages/auth-service/src/lib/require-internal-env.ts`:
- Around line 8-21: Update the call sites that read PDS_INTERNAL_URL and
EPDS_INTERNAL_SECRET directly to use the requireInternalEnv() helper: import
requireInternalEnv and replace direct uses of process.env.PDS_INTERNAL_URL /
process.env.EPDS_INTERNAL_SECRET (and any fallbacks to '' or alternate URLs)
with the returned { pdsUrl, internalSecret } values so the app fails fast on
missing vars; specifically change the usages in account-settings.ts,
auto-provision.ts, better-auth.ts, and login-page.ts to call
requireInternalEnv(), remove local fallbacks, and adjust references to use
pdsUrl/internalSecret, and run tests/build to ensure imports/paths are correct.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e83cb4d7-e0cb-43b5-a12f-c190e45d1f7a

📥 Commits

Reviewing files that changed from the base of the PR and between 521e070 and 53f05b6.

📒 Files selected for processing (7)

• docs/configuration.md
• docs/deployment.md
• packages/auth-service/.env.example
• packages/auth-service/src/lib/require-internal-env.ts
• packages/auth-service/src/routes/choose-handle.ts
• packages/auth-service/src/routes/complete.ts
• scripts/setup.sh

🚧 Files skipped from review as they are similar to previous changes (2)

• scripts/setup.sh
• docs/configuration.md